Free ebooks & videos training

Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios by Mike Schiffman (Conductor)
Publisher: McGraw-Hill Osborne Media (October 1, 2001) | ISBN-10: 0072193840 | PDF | 19,3 Mb | 300 pages

Mike Schiffman has hit upon a great formula for Hacker's Challenge. Rather than try to research, fully understand, and adequately explain attacks that have taken place on other people's networks--the approach taken by too many writers of books about computer security--Schiffman lets network administrators and security experts tell their stories first-hand. This is good. What's better is that Schiffman has edited each of their war stories into two sections: one that presents the observations the sysadmin or security consultant made at the time of the attack, and another (in a separate part of the book) that ties the clues together and explains exactly what was going on. The challenge in the title is for you to figure out what the bad guys were doing--and how best to stop them--before looking at the printed solution. Let's call this book what it is: an book for people with an interest in network security.
It doesn't really matter, from a value-for-money standpoint, whether your skills are up to the challenge or not. The accounts of intrusions--these are no-kidding, real-life attacks that you can probably learn from, by the way--are written like chapters from a novel (though log file listings, network diagrams, and performance graphs appear alongside the narrative text). Recall every time you've seen a movie or read a book with computer scenes so technically inaccurate they made you wish for a writer with a clue. Schiffman and Hacker's Challenge is what you wished for. --David Wall

Take a technogothic journey inside the world of a hacker as seen by security expert John Chirillo. Drawing on his own experience as a hacking consultant for Fortune 1000 companies, Chirillo shows how hackers can exploit network security holes and how you can recognize an oncoming threat to your security. The book features details of the powerful Tiger Box� system, used by hackers to penetrate vulnerable networks, and teaches you how to use that same tool to your advantage.

In this highly provocative work, you�ll discover:

� The hacker�s perspective on networking protocols and communication technologies

� A complete hacker�s technology handbook, illustrating techniques used by hackers, crackers, phreaks, and cyberpunks

� Information discovery and scanning tools for hacking into known and unknown ports and service vulnerabilities

� Detailed instructions for customizing the Tiger Box for your needs and using it to search hack attacks

This book is for system administrators and security professionals who need to bring now ubiquitous IM and P2P applications under their control. Many businesses are now taking advantage of the speed and efficiency offered by both IM and P2P applications, yet are completely ill-equipped to deal with the management and security ramifications.

These companies are now finding out the hard way that these applications which have infiltrated their networks are now the prime targets for malicious network traffic. This book will provide specific information for IT professionals to protect themselves from these vulnerabilities at both the network and application layers by identifying and blocking this malicious traffic.

* A recent study by the Yankee group ranked "managing and securing IM and P2P applications" as the #3 priority for IT managers in 2004

* The recently updated SANS/FBI top 10 list of vulnerabilities for computers running Microsoft Windows contained both P2P and IM applications for the first time

* The recently released Symantec Threat Assessment report for the first half of 2004 showed that 19 of the top 50 virus threats targeted IM or P2P applications. Despite the prevalence of IM and P2P applications on corporate networks and the risks they pose, there are no other books covering these topics

URL

http://www.amazon.com/Securing-Im-P2P-Applications-Enterprise/dp/1597490172

Download
Code:

 http://www1.vista-server.com/uploadfile/6/3/16/20355883672.zip
http://www2.vista-server.com/uploadfile/6/3/16/20355883672.zip
http://www3.vista-server.com/uploadfile/6/3/16/20355883672.zip

Book Description
Hackers have uncovered the dark side of cryptography�that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It�s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you�re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker�as much an addict as the vacant-eyed denizen of the crackhouse�so you can feel the rush and recognize your opponent�s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

* Understand the mechanics of computationally secure information stealing
* Learn how non-zero sum Game Theory is used to develop survivable malware
* Discover how hackers use public key cryptography to mount extortion attacks
* Recognize and combat the danger of kleptographic attacks on smart-card devices
* Build a strong arsenal against a cryptovirology attack

Code:

John.Wiley.and.Sons.Malicious.Cryptography.Exposing.Cryptovirology.pdf

Book Description
Practical Hacking Techniques and Countermeasures examines computer security from the hacker's perspective, demonstrating how a computer system can be successfully attacked and compromised. This book shows how an attack is conceptualized, formulated and performed. With the VMware� Workstation software package available on the accompanying CD, it uses virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It offers examples of attacks on Windows and Linux. It also covers such topics as footprinting, scanning, sniffing, passwords, and other attack tools. This text provides valuable information for constructing a system to defend against attacks.

Code:

Auerbach.Practical.Hacking.Techniques.and.Countermeasures.rar

Exploiting Software: How to Break Code (Paperback)
by Greg Hoglund, Gary McGraw
Paperback: 512 pages
Publisher: Addison-Wesley Professional (February 17, 2004)
Language: English
ISBN: 0201786958

Software security is gaining momentum as security professionals realize that computer security is really all about making software behave. The publication of Building Secure Software in 2001 (Viega and McGraw) unleashed a number of related books that have crystallized software security as a critical field. Already, security professionals, software developers, and business leaders are resonating with the message and asking for more. Building Secure Software (co-authored by McGraw) is intended for software professionals ranging from developers to managers, and is aimed at helping people develop more secure code. Exploiting Software is useful to the same target audience, but is really intended for security professionals interested in how to find new flaws in software. This book should be of particular interest to security practitioners working to beef up their software security skills, including red teams and ethical hackers. Exploiting Software is about how to break code. Our intention is to provide a realistic view of the technical issues faced by security professionals. This book is aimed directly toward software security as opposed to network security. As security professionals come to grips with the software security problem, they need to understand how software systems break. Solutions to each of the problems discussed in Exploiting Software can be found in Building Secure Software. The two books are mirror images of each other. We believe that software security and application security practitioners are in for a reality check. The problem is that simple and popular approaches being hawked by upstart "application security" vendors as solutions--such as canned black box testing tools--barely scratch the surface. This book aims to cut directly through the hype to the heart of the matter. We need to get real about what we're up against. This book describes exactly that. What This Book Is About This book closely examines many real-world software exploits, explaining how and why they work, the attack patterns they are based on, and in some cases how they were discovered. Along the way, this book also shows how to uncover new software vulnerabilities and how to use them to break machines. Chapter 1 describes why software is the root of the computer security problem. We introduce the trinity of trouble--complexity, extensibility, and connectivity--and describe why the software security problem is growing. We also describe the future of software and its implications for software exploit. Chapter 2 describes the difference between implementation bugs and architectural flaws. We discuss the problem of securing an open system, and explain why risk management is the only sane approach. Two real-world exploits are introduced: one very simple and one technically complex. At the heart of Chapter 2 is a description of attack patterns. We show how attack patterns fit into the classic network security paradigm and describe the role that attack patterns play in the rest of the book. The subject of Chapter 3 is reverse engineering. Attackers disassemble, decompile, and deconstruct programs to understand how they work and how they can be made not to. Chapter 3 describes common gray box analysis techniques, including the idea of using a security patch as an attack map. We discuss Interactive Disassembler (IDA), the state-of-the-art tool used by hackers to understand programs. We also discuss in detail how real cracking tools are built and used. In Chapters 4, 5, 6, and 7, we discuss particular attack examples that provide instances of attack patterns. These examples are marked with an asterisk. Chapters 4 and 5 cover the two ends of the client-server model. Chapter 4 begins where the book Hacking Exposed McClure et al., 1999 leaves off, discussing trusted input, privilege escalation, injection, path tracing, exploiting trust, and other attack techniques specific to server software. Chapter 5 is about attacking client software using in-band signals, cross-site scripting, and mobile code. The problem of backwash attacks is also introduced. Both chapters are studded with attack patterns and examples of real attacks. Chapter 6 is about crafting malicious input. It goes far beyond standard-issue "fuzzing" to discuss partition analysis, tracing code, and reversing parser code. Special attention is paid to crafting equivalent requests using alternate encoding techniques. Once again, both real-world example exploits and the attack patterns that inspire them are highlighted throughout. The whipping boy of software security, the dreaded buffer overflow, is the subject of Chapter 7. This chapter is a highly technical treatment of buffer overflow attacks that leverages the fact that other texts supply the basics. We discuss buffer overflows in embedded systems, database buffer overflows, buffer overflow as targeted against Java, and content-based buffer overflows. Chapter 7 also describes how to find potential buffer overflows of all kinds, including stack overflows, arithmetic errors, format string vulnerabilities, heap overflows, C++ vtables, and multistage trampolines. Payload architecture is covered in detail for a number of platforms, including x86, MIPS, SPARC, and PA-RISC. Advanced techniques such as active armor and the use of trampolines to defeat weak security mechanisms are also covered. Chapter 7 includes a large number of attack patterns. Chapter 8 is about rootkits--the ultimate apex of software exploit. This is what it means for a machine to be "owned." Chapter 8 centers around code for a real Windows XP rootkit. We cover call hooking, executable redirection, hiding files and processes, network support, and patching binary code. Hardware issues are also discussed in detail, including techniques used in the wild to hide rootkits in EEPROM. A number of advanced rootkit topics top off Chapter 8. As you can see, Exploiting Software runs the gamut of software risk, from malicious input to stealthy rootkits. Using attack patterns, real code, and example exploits, we clearly demonstrate the techniques that are used every day by real malicious hackers against software. How to Use This Book This book is useful to many different kinds of people: network administrators, security consultants, information warriors, developers, and security programmers. If you are responsible for a network full of running software, you should read this book to learn the kinds of weaknesses that exist in your system and how they are likely to manifest. If you are a security consultant, you should read this book so you can effectively locate, understand, and measure security holes in customer systems. If you are involved in offensive information warfare, you should use this book to learn how to penetrate enemy systems through software. If you create software for a living, you should read this book to understand how attackers will approach your creation. Today, all developers should be security minded. The knowledge here will arm you with a real understanding of the software security problem. If you are a security programmer who knows your way around code, you will love this book. The primary audience for this book is the security programmer, but there are important lessons here for all computer professionals. But Isn't This Too Dangerous? It's important to emphasize that none of the information we discuss here is news to the hacker community. Some of these techniques are as old as the hills. Our real objective is to provide some eye-opening information and up the level of discourse in software security. Some security experts may worry that revealing the techniques described in this book will encourage more people to try them out. Perhaps this is true, but hackers have always had better lines of communication and information sharing than the good guys. This information needs to be understood and digested by security professionals so that they know the magnitude of the problem and they can begin to address it properly. Shall we grab the bull by the horns or put our head in the sand? Perhaps this book will shock you. No matter what, it will educate you.
CODE

http://rapidshare.com/files/172502937/0201786958_Addison.Wesley_-_Exploiting.Software.How.to.Break.Code.Feb.2004.rar

.NET Security and Cryptography

Peter Thorsteinson, G. Gnana Arun Ganesh

.NET Security and Cryptography

Prentice Hall PTR - ISBN: 013100851X - Year 2003 - 496 pages - CHM - 3.1 MB
Learn how to make your .NET applications secure!

Security and cryptography, while always an essential part of the computing industry, have seen their importance increase greatly in the last several years. Microsoft's .NET Framework provides developers with a powerful new set of tools to make their applications secure. NET Security and Cryptography is a practical and comprehensive guide to implementing both the security and the cryptography features found in the .NET platform. The authors provide numerous clear and focused examples in both C# and Visual Basic .NET, as well as detailed commentary on how the code works. They cover topics in a logical sequence and context, where they are most relevant and most easily understood.

This book will allow developers to:

Develop a solid basis in the theory of cryptography, so they can understand how the security tools in the .NET Framework function
Learn to use symmetric algorithms, asymmetric algorithms, and digital signatures
Master both traditional encryption programming as well as the new techniques of XML encryption and XML signatures
Learn how these tools apply to ASP.NET and Web Services security

download:
Code:

 http://rapidshare.com/files/4488122/Pren_Hall_-_Dot_Net_Security_And_Crypto_ertu.rar

The Art of Computer Virus Research and Defense

Category: Other
Language: English
FileType: CHM
File size: 13773 KB
Preface Preface Who Should Read This Book Over the last two decades, several publications appeared on the subject of computer viruses, but only a few have been written by professionals ("insiders") of computer virus research.
Although many books exist that discuss the computer virus problem, they usually target a novice audience and are simply not too interesting for the technical professionals.
There are only a few works that have no worries going into the technical details, necessary to understand, to effectively defend against computer viruses.
Part of the problem is that existing books have little if any information about the current complexity of computer viruses.
For example, they lack serious technical information on fast-spreading computer worms that exploit vulnerabilities to invade target systems, or they do not discuss recent code evolution techniques such as code metamorphism.
If you wanted to get all the information I have in this book, you would need to spend a lot of time reading articles and papers that are often hidden somewhere deep inside computer virus and security conference proceedings, and perhaps you would need to dig into malicious code for years to extract the relevant details.
I believe that this book is most useful for IT and security professionals who fight against computer viruses on a daily basis.
Nowadays, system administrators as well as individual home users often need to deal with computer worms and other malicious programs on their networks. Unfortunately, security courses have very little training on computer virus protection, and the general public knows very little about how to analyze and defend their network from such attacks.
To make things more difficult, computer virus analysis techniques have not been discussed in any existing works in sufficient length before.
I also think that, for anybody interested in information security, being aware of what the computer virus writers have "achieved" so far is an important thing to know.
For years, computer virus researchers used to be "file" or "infected object" oriented.
To the contrary, security professionals were excited about suspicious events only on the network level.
In addition, threats such as CodeRed worm appeared to inject their code into the memory of vulnerable processes over the network, but did not "infect" objects on the disk.
Today, it is important to understand all of these major perspectives the file (storage), in-memory, and network views and correlate the events using malicious code analysis techniques.
During the years, I have trained many computer virus and security analysts to effectively analyze and respond to malicious code threats.
In this book, I have included information about anything that I ever had to deal with.
For example, I have relevant examples of ancient threats, such as 8-bit viruses on the Commodore 64.
You will see that techniques such as stealth technology appeared in the earliest computer viruses, and on a variety of platforms.
Thus, you will be able to realize that current rootkits do not represent anything new! You will find sufficient coverage on 32-bit Windows worm threats with in-depth exploit discussions, as well as 64-bit viruses and "pocket monsters" on mobile devices.
All along the way, my goal is to illustrate how old techniques "reincarnate" in new threats and demonstrate up-to-date attacks with just enough technical details.
I am sure that many of you are interested in joining the fight against malicious code, and perhaps, just like me, some of you will become inventors of defense techniques.
All of you should, however, be aware of the pitfalls and the challenges of this field! That is what this book is all about.
What I Cover The purpose of this book is to demonstrate the current state of the art of computer virus and antivirus developments and to teach you the methodology of computer virus analysis and protection.
I discuss infection techniques of computer viruses from all possible perspectives: file (on storage), in-memory, and network. I classify and tell you all about the dirty little tricks of computer viruses that bad guys developed over the last two decades and tell you what has been done to deal with complexities such as code polymorphism and exploits.
The easiest way to read this book is, well, to read it from chapter to chapter. However, some of the attack chapters have content that can be more relevant after understanding techniques presented in the defense chapters.
If you feel that any of the chapters are not your taste, or are too difficult or lengthy, you can always jump to the next chapter.
I am sure that everybody will find some parts of this book very difficult and other parts very simple, depending on individual experience.
I expect my readers to be familiar with technology and some level of programming.
There are so many things discussed in this book that it is simply impossible to cover everything in sufficient length.
However, you will know exactly what you might need to learn from elsewhere to be absolutely successful against malicious threats.
To help you, I have created an extensive reference list for each chapter that leads you to the necessary background information.
Indeed, this book could easily have been over 1,000 pages. However, as you can tell, I am not Shakespeare. My knowledge of computer viruses is great, not my English.
Most likely, you would have no benefit of my work if this were the other way around.
What I Do Not Cover I do not cover Trojan horse programs or backdoors in great length.
This book is primarily about self-replicating malicious code. There are plenty of great books available on regular malicious programs, but not on computer viruses.
I do not present any virus code in the book that you could directly use to build another virus.
This book is not a "virus writing" class. My understanding, however, is that the bad guys already know about most of the techniques that I discuss in this book.
So, the good guys need to learn more and start to think (but not act) like a real attacker to develop their defense! Interestingly, many universities attempt to teach computer virus research courses by offering classes on writing viruses.
Would it really help if a student could write a virus to infect millions of systems around the world? Will such students know more about how to develop defense better? Simply, the answer is no...
Instead, classes should focus on the analysis of existing malicious threats. There are so many threats out there waiting for somebody to understand them and do something against them. Of course, the knowledge of computer viruses is like the "Force" in Star Wars .
Depending on the user of the "Force," the knowledge can turn to good or evil. I cannot force you to stay away from the "Dark Side," but I urge you to do so. /> class="navigation"> Copyright Pearson Education. All rights reserved.
Link Download:
Code:

 http://dl65l32.rapidshare.com/files/9609180/The.Art.of.Computer.Virus.Research.and.Defense.zip

# Provides detailed examples of attacks on Windows and Linux
# Contains numerous screenshots for easily verified results
# Details Linux script compilation and use
# Lists the complete syntax for tools used throughout the book

Examining computer security from the hacker's perspective, Practical Hacking Techniques and Countermeasures employs virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It provides detailed screen shots in each lab for the reader to follow along in a step-by-step process in order to duplicate and understand how the attack works. It enables experimenting with hacking techniques without fear of corrupting computers or violating any laws.

Written in a lab manual style, the book begins with the installation of the VMware� Workstation product and guides the users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. It covers social engineering techniques, footprinting techniques, and scanning tools. Later chapters examine spoofing techniques, sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, the book also explores Trojans, Man-in-the-Middle (MTM) attacks, and Denial of Service (DoS) attacks.

Learn how to secure your computers with this comprehensive guide on hacking techniques and countermeasures

By understanding how an attack occurs the reader can better understand how to defend against it. This book shows how an attack is conceptualized, formulated, and performed. It offers valuable information for constructing a system to defend against attacks and provides a better understanding of securing your own computer or corporate network.

# 752 pages PDF Format
# Publisher: AUERBACH; Har/Cdr edition (November 2, 2006)
# Language: English
# ISBN-10: 0849370574
# ISBN-13: 978-0849370571

http://rapidshare.com/files/98013521/b-559b01.zip.html

Security is one of the most significant components in wireless systems to ensure the integrity of communications among terminals, networks, and services. As the field of wireless communications expands and inundates personal and professional lives worldwide, up-to-date wireless security research and knowledge becomes increasingly more vital to society.

The Handbook of Research on Wireless Security combines research from esteemed experts on security issues in various wireless communications, recent advances in wireless security, the wireless security model, and future directions in wireless security. As an innovative and current reference source for students, educators, faculty members, researchers, engineers in the field of wireless security, this handbook will make an invaluable addition to any library collection.

URL :
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/159904899X/

DOWNLOAD :
Code:

http://rapidshare.com/files/112187178/IGI.Global.Handbook.of.Research.on.Wireless.Security.Mar.2008.pdf

Databases are the nerve center of our economy. Every piece of your personal information is stored there�medical records, bank accounts, employment history, pensions, car registrations, even your children�s grades and what groceries you buy. Database attacks are potentially crippling�and relentless.

In this essential follow-up to The Shellcoder�s Handbook, four of the world�s top security experts teach you to break into and defend the seven most popular database servers. You�ll learn how to identify vulnerabilities, how attacks are carried out, and how to stop the carnage. The bad guys already know all this. You need to know it too.

- Identify and plug the new holes in Oracle and Microsoft SQL Server
- Learn the best defenses for IBM�s DB2, PostgreSQL, Sybase ASE, and MySQL servers
- Discover how buffer overflow exploitation, privilege escalation through SQL, stored procedure or trigger abuse, and SQL injection enable hacker access
- Recognize vulnerabilities peculiar to each database
- Find out what the attackers already know

Link Arrow

http://rapidshare.com/files/2226538/The_DBH_Handbook.rar.html

Eric Vyncke, Christopher Paggen, "LAN Switch Security: What Hackers Know About Your Switches"
Cisco Press | ISBN:1587052563 | September 6, 2007 | 360 pages | CHM | 2.7MB

Contrary to popular belief, Ethernet switches are not inherently secure. Security vulnerabilities in Ethernet switches are multiple: from the switch implementation, to control plane protocols (Spanning Tree Protocol [STP], Cisco� Discovery Protocol [CDP], and so on) and data plane protocols, such as Address Routing Protocol (ARP) or Dynamic Host Configuration Protocol (DHCP). LAN Switch Security explains all the vulnerabilities in a network infrastructure related to Ethernet switches. Further, this book shows you how to configure a switch to prevent or to mitigate attacks based on those vulnerabilities. This book also includes a section on how to use an Ethernet switch to increase the security of a network and prevent future attacks.

Download:

This text introduces the spirit and theory of hacking as well as the science behind it all; it also provides some core techniques and tricks of hacking so you can think like a hacker, write your own hacks or thwart potential system attacks.

Link Download:
Code:

http://rapidshare.com/files/27159770/Hacking-The_Art_of_Exploitation.rar

Prevent catastrophic network attacks by exposing security flaws, fixing
them, and ethically reporting them to the software author. Fully
expanded to cover the hacker's latest devious methods, Gray Hat Hacking:
The Ethical Hacker's Handbook, Second Edition lays out each exploit
alongside line-by-line code samples, detailed countermeasures, and moral
disclosure procedures. Find out how to execute effective penetration
tests, use fuzzers and sniffers, perform reverse engineering, and find
security holes in Windows and Linux applications. You'll also learn how
to trap and autopsy stealth worms, viruses, rootkits, adware, and
malware.

- Implement vulnerability testing, discovery, and reporting procedures
that comply with applicable laws
- Learn the basics of programming, stack operations, buffer overflow
and heap vulnerabilities, and exploit development
- Test and exploit systems using Metasploit and other tools
- Break in to Windows and Linux systems with perl scripts, Python
scripts, and customized C programs
- Analyze source code using ITS4, RATS, FlawFinder, PREfast, Splint,
and decompilers
- Understand the role of IDA Pro scripts, FLAIR tools, and third-party
plug-ins in discovering software vulnerabilities
- Reverse-engineer software using decompiling, profiling, memory
monitoring, and data flow analysis tools
- Reveal client-side web browser vulnerabilities with MangleMe, AxEnum,
and AxMan
- Probe Windows Access Controls to discover insecure access tokens,
security descriptors, DACLs, and ACEs
- Find and examine malware and rootkits using honeypots, honeynets, and
Norman SandBox technology

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/0071495681/

Download:
Code:

http://rapidshare.com/files/95223553/McGraw.Hill.Gray.Hat.Hacking.2nd.Edition.Dec.2007.pdf

Hacker Attack is the only book about computer security that is at once entertaining, understandable, and practical. You'll be fascinated as you read about hackers, crackers and whackers--people who spend their time trying to break into your computer, spreading computer viruses, or peeping (and recording what they see!) as you surf the Internet or send email. Best of all, this book provides simple but powerful solutions to all these security needs. It's all on the book's CD. Protect yourself right now with firewalls, anonymisers, and virus-guards. This is without doubt the most readable and interesting book about computer security ever written. You'll enjoy reading it, and you'll be safe after you've followed its advice.
URL:

Code:

http://www.amazon.com/Hacker-Attack-Richard-Mansfield/dp/0782128300

Download

http://mihd.net/f6ntms

"This book concisely identifies the types of attacks which are faced
daily by Web 2.0 sites, and the authors give solid, practical advice on
how to identify and mitigate these threats." --Max Kelly, CISSP, CIPP,
CFCE, Senior Director of Security, Facebook Protect your Web 2.0
architecture against the latest wave of cybercrime using expert tactics
from Internet security professionals. Hacking Exposed Web 2.0 shows how
hackers perform reconnaissance, choose their entry point, and attack Web
2.0-based services, and reveals detailed countermeasures and defense
techniques. You'll learn how to avoid injection and buffer overflow
attacks, fix browser and plug-in flaws, and secure AJAX, Flash, and
XML-driven applications. Real-world case studies illustrate social
networking site weaknesses, cross-site attack methods, migration
vulnerabilities, and IE7 shortcomings.

- Plug security holes in Web 2.0 implementations the proven Hacking
Exposed way
- Learn how hackers target and abuse vulnerable Web 2.0 applications,
browsers, plug-ins, online databases, user inputs, and HTML forms
- Prevent Web 2.0-based SQL, XPath, XQuery, LDAP, and command
injection attacks
- Circumvent XXE, directory traversal, and buffer overflow exploits
- Learn XSS and Cross-Site Request Forgery methods attackers use to
bypass browser security controls
- Fix vulnerabilities in Outlook Express and Acrobat Reader add-ons
- Use input validators and XML classes to reinforce ASP and .NET
security
- Eliminate unintentional exposures in ASP.NET AJAX (Atlas), Direct
Web Remoting, Sajax, and GWT Web applications
- Mitigate ActiveX security exposures using SiteLock, code signing,
and secure controls
- Find and fix Adobe Flash vulnerabilities and DNS rebinding attacks

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/0071494618/

Code:

http://rapidshare.com/files/95219435/McGraw.Hill.Hacking.Exposed.Web.2.0.Dec.2007.pdf

Tom St Denis, �Cryptography for Developers�
Publisher: Syngress Publishing | English | ISBN: 1597491047 | PDF | 5.01 MB | 400 Pages

Developers tasked with security problems are often not cryptographers themselves. They are bright people who, with careful guidance, can implement secure cryptosystems. This book will guide developers in their journey towards solving cryptographic problems. If you have ever asked yourself "just how do I setup AES?" then this text is for you. ASN.1 Encoding The chapter on ASN.1 encoding delivers a treatment of the Abstract Syntax Notation One (ASN.1) encoding rules for data elements such as strings, binary strings, integers, dates and times, and sets and sequences. Random Number Generation This chapter discusses the design and construction of standard random number generators (RNGs) such as those specified by NIST. Advanced Encryption Standard This chapter discusses the AES block cipher design, implementation trade-offs, side channel hazards, and modes of use. It concentrates on the key design elements important to implementers and how to exploit them in various trade-off conditions. Hash Functions This chapter discusses collision resistance, provides examples of exploits, and concludes with known incorrect usage patterns. Message Authentication Code Algorithms This chapter discusses the HMAC and CMAC Message Authentication Code (MAC) algorithms, which are constructed from hash and cipher functions. Encrypt and Authenticate Modes This chapter discusses the IEEE and NIST encrypt and authenticate modes GCM and CCM. Both modes introduce new concepts to cryptographic functions. Focus is given to the concept of replay attacks, and initialization techniques are explored in depth. Large Integer Arithmetic This chapter discusses the techniques behind manipulating large integers such as those used in public key algorithms. Public Key Algorithms This chapter introduces public key cryptography, including the RSA algorithm and its related PKCS #1 padding schemes. It also introduces new math in the form of various elliptic curve point multipliers.

Link Download:
Code:

http://dl43tl2.rapidshare.com/files/5874805/Cryptography_for_Developers_EBook_ISBN-1597491047.rar

Meet the challenges of Windows security with the exclusive Hacking
Exposed "attack-countermeasure" approach. Learn how real-world malicious
hackers conduct reconnaissance of targets and then exploit common
misconfigurations and software flaws on both clients and servers. See
leading-edge exploitation techniques demonstrated, and learn how the
latest countermeasures in Windows XP, Vista, and Server 2003/2008 can
mitigate these attacks. Get practical advice based on the authors' and
contributors' many years as security professionals hired to break into
the world's largest IT infrastructures. Dramatically improve the
security of Microsoft technology deployments of all sizes when you learn
to:

- Establish business relevance and context for security by highlighting
real-world risks
- Take a tour of the Windows security architecture from the hacker's
perspective, exposing old and new vulnerabilities that can easily be
avoided
- Understand how hackers use reconnaissance techniques such as
footprinting, scanning, banner grabbing, DNS queries, and Google
searches to locate vulnerable Windows systems
- Learn how information is extracted anonymously from Windows using
simple NetBIOS, SMB, MSRPC, SNMP, and Active Directory enumeration
techniques
- Prevent the latest remote network exploits such as password grinding
via WMI and Terminal Server, passive Kerberos logon sniffing, rogue
server/man-in-the-middle attacks, and cracking vulnerable services
- See up close how professional hackers reverse engineer and develop
new Windows exploits
- Identify and eliminate rootkits, malware, and stealth software
- Fortify SQL Server against external and insider attacks
- Harden your clients and users against the latest e-mail phishing,
spyware, adware, and Internet Explorer threats
- Deploy and configure the latest Windows security countermeasures,
including BitLocker, Integrity Levels, User Account Control, the updated
Windows Firewall, Group Policy, Vista Service Refactoring/Hardening,
SafeSEH, GS, DEP, Patchguard, and Address Space Layout Randomization

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/007149426X/

Download:
Code:

http://rapidshare.com/files/93030576/McGraw.Hill.Hacking.Exposed.Windows.3rd.Edition.Dec.2007.pdf

A-List Publishing | ISBN: 1931769222 | 600 pages | 4.8MB | CHM

Going beyond the issues of analyzing and optimizing programs as well as creating the means of protecting information, this guide takes on the programming problem of, once having found holes in a program, how to go about disassembling it without its source code. Covered are the hacking methods used to analyze programs using a debugger and disassembler. These methods include virtual functions, local and global variables, branching, loops, objects and their hierarchy, and mathematical operators. Also covered are methods of fighting disassemblers, self-modifying code in operating systems, and executing code in the stack. Advanced disassembler topics such as optimizing compilers and movable code are discussed as well.

Link Download:
http://rapidshare.com/files/137499577/A.LIST.Publishing.Hacker.Disassembling.Uncovered.eBook-LiB.chm

As Internet traffic continues to grow exponentially, there is a great
need to build Internet protocol (IP) routers with high-speed and
high-capacity packet networking capabilities. The first book to explore
this subject, Packet Forwarding Technologies explains in depth packet
forwarding concepts and implementation technologies. It covers the data
structures, algorithms, and architectures used to implement high-speed
routers. Following an introduction to the architecture of IP routers,
the author discusses how IP address lookup is one of the major
bottlenecks in high-performance routers. He describes the
characteristics of a routing table and addresses the difficulty of the
longest-matching prefix search. The remainder of the book deals with
fast IP address lookup. Coverage includes the various available
architectures, data structures, and algorithms based on software and
hardware as well as detailed discussions on state-of-the-art
innovations. With many illustrations, tables, and simulations, this
practical guide to packet forwarding technologies facilitates
understanding of IP routers and the latest router designs.

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/084938057X/

Download:
Code:

http://rapidshare.com/files/110454860/Auerbach.Packet.Forwarding.Technologies.Dec.2007.pdf

A lot of computer-security textbooks approach the subject from a defensive point of view. �Do this, and probably you�ll survive a particular kind of attack,� they say. In refreshing contrast, Hacking Exposed, Second Edition talks about security from an offensive angle. A Jane�s-like catalog of the weaponry that black-hat hackers use is laid out in full. Readers see what programs are out there, get a rundown on what the programs can do, and benefit from detailed explanations of concepts (such as wardialing and rootkits) that most system administrators kind of understand, but perhaps not in detail. The book also walks through how to use the more powerful and popular hacker software, including L0phtCrack. This new edition has been updated extensively, largely with the results of �honeypot� exercises (in which attacks on sacrificial machines are monitored) and Windows 2000 public security trials. There�s a lot of new stuff on e-mail worms, distributed denial-of-service (DDoS) attacks, and attacks that involve routing protocols.

The result of all of this familiarity with bad-guy tools is a leg up on defending against them. Hacking Exposed wastes no time in explaining how to implement the countermeasures�where they exist�that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what Unix configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare. They spare no criticism of products with which they aren�t impressed, and don�t hesitate to point out inherent, uncorrectable security weaknesses where they find them. This book is no mere rehashing of generally accepted security practices. It and its companion Web site are the best way for all of you network administrators to know thine enemies. �David Wall

Topics covered:
Security vulnerabilities of operating systems, applications, and network devices
Administrative procedures that will help defeat them
Techniques for hacking Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, Novell NetWare, and Unix
Strategies for breaking into (or bringing down) telephony devices, routers, and firewalls

Link download :http://rapidshare.com/files/37093636/Hacking_Exposed_5th_Ed_0072260815.rar

Security Monitoring with Cisco Security MARS

Threat mitigation system deployment

Networks and hosts are probed hundreds or thousands of times a day in an
attempt to discover vulnerabilities. An even greater number of automated
attacks from worms and viruses stress the same devices. The sheer volume
of log messages or events generated by these attacks and probes,
combined with the complexity of an analyst needing to use multiple
monitoring tools, often makes it impossible to adequately investigate
what is happening.

Cisco(r) Security Monitoring, Analysis, and Response System (MARS) is a
next-generation Security Threat Mitigation system (STM). Cisco Security
MARS receives raw network and security data and performs correlation and
investigation of host and network information to provide you with
actionable intelligence. This easy-to-use family of threat mitigation
appliances enables you to centralize, detect, mitigate, and report on
priority threats by leveraging the network and security devices already
deployed in a network, even if the devices are from multiple vendors.

Security Monitoring with Cisco Security MARS helps you plan a MARS
deployment and learn the installation and administration tasks you can
expect to face. Additionally, this book teaches you how to use the
advanced features of the product, such as the custom parser, Network
Admission Control (NAC), and global controller operations. Through the
use of real-world deployment examples, this book leads you through all
the steps necessary for proper design and sizing, installation and
troubleshooting, forensic analysis of security events, report creation
and archiving, and integration of the appliance with Cisco and
third-party vulnerability assessment tools.

Learn the differences between various log aggregation and correlation
systems:

- Examine regulatory and industry requirements
- Evaluate various deployment scenarios
- Properly size your deployment
- Protect the Cisco Security MARS appliance from attack
- Generate reports, archive data, and implement disaster recovery
plans
- Investigate incidents when Cisco Security MARS detects an attack
- Troubleshoot Cisco Security MARS operation
- Integrate Cisco Security MARS with Cisco Security Manager, NAC, and
third-party devices
- Manage groups of MARS controllers with global controller operations

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/1587052709/

Download:
Code:

http://depositfiles.com/files/2816840

Mirror Download:
Code:

http://rapidshare.com/files/78631590/1587052709.zip

Juniper Networks Secure Access SSL VPN appliances provide a complete
range of remote access appliances for the smallest companies up to the
largest service providers. As a system administrator or security
professional, this comprehensive configuration guide will allow you to
configure these appliances to allow remote and mobile access for
employees. If you manage and secure a larger enterprise, this book will
help you to provide remote and/or extranet access, for employees,
partners, and customers from a single platform.

* Complete coverage of the Juniper Networks Secure Access SSL VPN line
including the 700, 2000, 4000, 6000, and 6000 SP.
* Learn to scale your appliances to meet the demands of remote workers
and offices.
* Use the NEW coordinated threat control with Juniper Networks IDP to
manage the security of your entire enterprise.

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/1597492000/

Download:
Code:

http://depositfiles.com/files/3135496

Mirror Download:
Code:

http://rapidshare.com/files/84811600/1597492000.zip

Organized by exam objectives, this is a focused, concise review guide
that works hand-in-hand with any learning tool, including the Sybex
CCNA: Cisco Certified Network Associate Study Guide, 6th and Deluxe
editions. The book will consist of four high-level chapters, each
mapping to the four main Domains of the exam skill-set. The book will
drill down into the specifics of the exam, covering the following:

- Designing Cisco internetworks
- Developing an access list
- Evaluating TCP/IP communication
- Configuring routers and switches
- Configuring IP addresses, subnet masks, and gateway addresses
- Performing LAN, VLAN, and WAN troubleshooting
- Understanding rules for packet control.

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/0470185716/

Download:
Code:

http://depositfiles.com/files/2847354

Mirror Download:
Code:

http://rapidshare.com/files/79216716/0470185716.zip

Book Description
This book/CD-ROM package is THE definitive reference to the benefits, pitfalls, set-up, troubleshooting, and repair of wireless networks. The author covers the entire range of wireless networks and explains the specific needs of each individual application.

* Introduces all the various wireless system components--both "off the shelf" and subscriber
* Covers essential technologies such as 802.11a and b, Bluetooth, and 3G cellular phone systems
* Provides solutions for interference, range, and throughput problems
* CD-ROM includes software tools and utilities to assist with connections, diagnostics, troubleshooting, and repair

Download Description
his eBook is THE definitive reference to the benefits, pitfalls, set-up, troubleshooting, and repair of wireless networks. The author covers the entire range of wireless networks and explains the specific needs of each individual application.

Code:

http://rapidshare.com/files/97106197/Installing.Troubleshooting.And.Repairing.Wireless.Networks.pdf

Writing Security Tools and Exploits
December 21, 2005 | ISBN: 1597499978 | 664 pages | December 21, 2005 | PDF | 6 Mb

Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.
* Provides readers with working code to develop and modify the most common security tools including Nmap and Nessus
* Learn to reverse engineer and write exploits for various operating systems, databases, and applications
* Automate reporting and analysis of security log files

Download:
http://rapidshare.com/files/59583021/1597499978.rar

John Aycock, �Computer Viruses and Malware� (Advances in Information Security)
ISBN: 0387302360 | Publisher: Springer | Publication Date: 2006-07-20 | 227 Pages | PDF | 9,4 Mb

Our Internet-connected society increasingly relies on computers. As a result, attacks on computers from malicious software have never been a bigger concern. Computer Viruses and Malware draws together hundreds of sources to provide an unprecedented view of malicious software and its countermeasures. This book discusses both the technical and human factors involved in computer viruses, worms, and anti-virus software. It also looks at the application of malicious software to computer crime and information warfare.

Computer Viruses and Malware is designed for a professional audience composed of researchers and practitioners in industry. This book is also suitable as a secondary text for advanced-level students in computer science.

Link Download:
Code:

http://dl32tl.rapidshare.com/files/6153249/Computer.Viruses.and.Malware.rar

Hacking RSS and Atom
Wiley | ISBN: 0764597582 | 602 pages | September 9, 2005 | PDF

Now you can satisfy your appetite for information
This book is not about the minutia of RSS and Atom programming. It's about doing cool stuff with syndication feeds-making the technology give you exactly what you want the way you want. It's about building a feed aggregator and routing feeds to your e-mail or iPod, producing and hosting feeds, filtering, sifting, and blending them, and much more. Tan-talizing loose ends beg you to create more hacks the author hasn't thought up yet. Because if you can't have fun with the technology, what's the point?

A sampler platter of things you'll learn to do
* Build a simple feed aggregator
* Add feeds to your buddy list
* Tune into rich media feeds with BitTorrent
* Monitor system logs and events with feeds
* Scrape feeds from old-fashioned Web sites
* Reroute mailing lists into your aggregator
* Distill popular links from blogs
* Republish feed headlines on your Web site
* Extend feeds using calendar events and microformats

http://rapidshare.com/files/21590434/0764597582.rar

IT organizations face pressure to increase productivity, improve
application performance, support global collaboration, improve data
protection, and minimize costs. In today's WAN-centered environments,
traditional LAN-oriented infrastructure approaches are insufficient to
meet these goals. Application Acceleration and WAN Optimization
Fundamentals introduces a better solution: integrating today's new
generation of accelerator solutions to efficiently and effectively scale
networks beyond traditional capabilities while improving performance and
minimizing costs through consolidation.

Ted Grevers and Joel Christner begin by reviewing the challenges network
professionals face in delivering applications to globally distributed
workforces. You learn how accelerators are transforming application
business models, enabling IT departments to centralize and consolidate
resources while also delivering consistently superior performance.

Grevers and Christner show how to identify network consumers, prioritize
traffic, and guarantee appropriate throughput and response times to
business-critical applications. You learn how to use quality of service
techniques such as packet classification and marking and traffic
policing, queuing, scheduling, and shaping.

Next, you compare options for integrating accelerators and optimization
services into your network and for optimizing content delivery. The
authors show how to address application protocol-related performance
problems that cannot be resolved through compression or flow
optimization alone. In the final chapter, the authors walk you through
several real-world scenarios for utilizing accelerator technology.

Ted Grevers, Jr., is the solution manager for the Cisco(r) Video IPTV
Systems Test and Architecture (C-VISTA) team. He has extensive
experience in the content delivery network (CDN) market, focusing on
enterprise and service provider content delivery and application
optimization needs.

Joel Christner, CCIE(r) No. 15311, is the manager of technical marketing
for the Cisco Application Delivery Business Unit (ADBU). He has
extensive experience with application protocols, acceleration
technologies, LAN/WAN infrastructure, and storage networking. Grevers
and Christner are key contributors to the design and architecture of
Cisco application delivery and application acceleration solutions.

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/1587053160/

Download:
Code:

http://rapidshare.com/files/93708532/Cisco.Press.Application.Acceleration.and.WAN.Optimization.Fundamentals.Jul.2007.c

Interconnecting Cisco Network Devices, Part 1 (ICND1), Second Edition,
is a Cisco-authorized, self-paced learning tool for CCENT and CCNA
foundation learning. This book provides you with the knowledge needed to
configure Cisco switches and routers to operate in corporate
internetworks. By reading this book, you will gain a thorough
understanding of concepts and configuration procedures required to build
a multiswitch, multirouter, and multigroup internetwork that uses LAN
and WAN interfaces for the most commonly used routing and routed
protocols.

In Interconnecting Cisco Network Devices, Part 1 (ICND1), you will study
installation and configuration information that network administrators
need to install and configure Cisco products. Specific topics include
building a simple network, Ethernet LANs, wireless LANs (WLANs), LAN and
WAN connections, and network management. Chapter-ending review questions
illustrate and help solidify the concepts presented in the book.

Whether you are preparing for CCENT or CCNA certification or simply want
to gain a better understanding of how to build small Cisco networks, you
will benefit from the foundation information presented in this book.

Interconnecting Cisco Network Devices, Part 1 (ICND1), is part of a
recommended learning path from Cisco that includes simulation and
hands-on training from authorized Cisco Learning Partners and self-study
products from Cisco Press. To find out more about instructor-led
training, e-learning, and hands-on instruction offered by authorized
Cisco Learning Partners worldwide, please visit
www.cisco.com/go/authorizedtraining.

Steve McQuerry, CCIE No. 6108, is a consulting systems engineer with
Cisco. He focuses on data center architecture. Steve works with
enterprise customers in the Midwestern United States to help them plan
their data center architectures. Steve has been an active member of the
internetworking community since 1991 and has held multiple
certifications from Novell, Microsoft, and Cisco. Prior to joining
Cisco, Steve worked as an independent contractor with Global Knowledge
where he taught and developed coursework around Cisco technologies and
certifications.

- Understand the principles on which basic networks operate
- Explore the operation and configuration of LANs
- Extend the boundaries of the network by implementing and securing
wireless connectivity
- Configure routers to provide connectivity between different networks
- Learn about IP addressing number conversion
- Establish WAN interconnectivity using point-to-point links, DSL, and
cable services
- Configure Network Address Translation (NAT)
- Use Cisco IOS commands to determine the layout of a Cisco network
topology
- Manage the router startup and work with IOS configuration files and
Cisco IOS images

URL:
Code:

http://www.amazon.com/exec/obidos/tg/detail/-/1587054620/

Download:
Code:

http://rapidshare.com/files/93719596/Cisco.Press.Interconnecting.Cisco.Network.Devices.Part.2.ICND2.Feb.2008.pdf

Cisco Press | ISBN:1587051753 | 912 pages | CHM | 6 Mb
Harden perimeter routers with Cisco firewall functionality and features to ensure network security

Detect and prevent denial of service (DoS) attacks with TCP Intercept, Context-Based Access Control (CBAC), and rate-limiting techniques
Use Network-Based Application Recognition (NBAR) to detect and filter unwanted and malicious traffic
Use router authentication to prevent spoofing and routing attacks
Activate basic Cisco IOS filtering features like standard, extended, timed, lock-and-key, and reflexive ACLs to block various types of security threats and attacks, such as spoofing, DoS, Trojan horses, and worms
Use black hole routing, policy routing, and Reverse Path Forwarding (RPF) to protect against spoofing attacks
Apply stateful filtering of traffic with CBAC, including dynamic port mapping
Use Authentication Proxy (AP) for user authentication
Perform address translation with NAT, PAT, load distribution, and other methods
Implement stateful NAT (SNAT) for redundancy
Use Intrusion Detection System (IDS) to protect against basic types of attacks
Obtain how-to instructions on basic logging and learn to easily interpret results
Apply IPSec to provide secure connectivity for site-to-site and remote access connections
Read about many, many more features of the IOS firewall for mastery of router security

The Cisco IOS firewall offers you the feature-rich functionality that you've come to expect from best-of-breed firewalls: address translation, authentication, encryption, stateful filtering, failover, URL content filtering, ACLs, NBAR, and many others. Cisco Router Firewall Security teaches you how to use the Cisco IOS firewall to enhance the security of your perimeter routers and, along the way, take advantage of the flexibility and scalability that is part of the Cisco IOS Software package.

Each chapter in Cisco Router Firewall Security addresses an important component of perimeter router security. Author Richard Deal explains the advantages and disadvantages of all key security features to help you understand when they should be used and includes examples from his personal consulting experience to illustrate critical issues and security pitfalls. A detailed case study is included at the end of the book, which illustrates best practices and specific information on how to implement Cisco router security features.

Download:
http://www.paid4share.com/file/267/1587051753-rar.html

Paperback: 360 pages
Publisher: Cisco Press; 1 edition (September 6, 2007)
Language: English
ISBN-10: 1587052563
ISBN-13: 978-1587052569

http://rapidshare.com/files/70539213/cplanss07.rar.html

Blog Archive

Partners

Download Free Ebook Video Training

CATEGORIES